I note that there are security fixes in these releases -- did I miss
Chris' email about these patches or are we moving away from the model where
we send out an email to the list a couple of days before release?
~Matt Walker
Wikimedia Foundation
Fundraising Technology Team
On Thu, Feb 27, 2014 at 6:55 PM, Brian Wolff <bawolff(a)gmail.com> wrote:
* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
our token comparison would be vulnerable to timing attacks. This will take
constant time.
Not to be a grammar nazi, but that should presumably be something
along the lines of "Using constant time comparison will prevent this"
instead of "This will take constant time", as that could be
interpreted as the attack would take constant time.
--bawolff
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
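
The release note quoted in the thread above concerns token comparison that returns at the first mismatching byte. The following is an added example, not part of the original emails and not MediaWiki's code: it counts how many bytes each comparison style examines, so the difference is visible without measuring time. The token and guesses are constructed sample values and all function names are hypothetical.

```python
import hmac

TOKEN = "9f2c4e7a1b3d5f60"   # constructed sample token, not a real value
GUESSES = [                   # constructed inputs sharing 0, 4, 15, 16 leading bytes
    "0000000000000000",
    "9f2c000000000000",
    "9f2c4e7a1b3d5f61",
    "9f2c4e7a1b3d5f60",
]

def early_exit_compare(expected, supplied):
    """Return (match, bytes_examined); stops at the first differing byte."""
    a, b = expected.encode(), supplied.encode()
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined   # work done depends on the matching prefix
    return True, examined

def constant_time_compare(expected, supplied):
    """Return (match, bytes_examined); always walks every byte."""
    a, b = expected.encode(), supplied.encode()
    if len(a) != len(b):             # token length is not treated as secret here
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y                # accumulate differences, never branch on them
    return diff == 0, examined

def tokens_match(expected, supplied):
    """Production form: use the standard library's constant-time primitive."""
    return hmac.compare_digest(expected.encode(), supplied.encode())

def work_profile(compare, expected, guesses):
    """Bytes examined per guess; a varying profile is the timing side channel."""
    return [compare(expected, g)[1] for g in guesses]

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_compare, TOKEN, GUESSES))
    print("constant time:", work_profile(constant_time_compare, TOKEN, GUESSES))
```

A flat profile for every same-length input is the property to check for when reviewing any token, MAC or session-identifier comparison.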